/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.syncope.common.rest.api.service;

import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.security.SecurityRequirements;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.MediaType;
import org.apache.syncope.common.lib.oidc.OIDCConstants;
import org.apache.syncope.common.lib.oidc.OIDCLoginResponse;
import org.apache.syncope.common.lib.oidc.OIDCRequest;
import org.apache.syncope.common.rest.api.RESTHeaders;

/**
 * REST operations for OpenID Connect Clients.
 */
@Tag(name = "OpenID Connect 1.0 C4UI")
@SecurityRequirements({
    @SecurityRequirement(name = "BasicAuthentication"),
    @SecurityRequirement(name = "Bearer") })
@Path("oidcc4ui/clients")
public interface OIDCC4UIService extends JAXRSService {

    /**
     * Generates OpenID Connect authentication request for the Provider matching the provided op.
     *
     * @param redirectURI redirect URI
     * @param op OpenID Connect Provider
     * @return OpenID Connect authentication request
     */
    @POST
    @Path("loginRequest")
    @Produces({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
    OIDCRequest createLoginRequest(
            @QueryParam(OIDCConstants.REDIRECT_URI) String redirectURI,
            @QueryParam(OIDCConstants.OP) String op);

    /**
     * Uses the provided authorization code to go through the OpenID Connect tokens process and finally creates JWT for
     * the matching user, if found.
     *
     * @param redirectURI redirect URI
     * @param authorizationCode authorization code generated by the remote OpenID Connect Provider
     * @param op OpenID Connect Provider
     * @return JWT for the matching user plus attributes returned in the response
     */
    @POST
    @Path("login")
    @Produces({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
    OIDCLoginResponse login(
            @QueryParam(OIDCConstants.REDIRECT_URI) String redirectURI,
            @QueryParam("authorizationCode") String authorizationCode,
            @QueryParam(OIDCConstants.OP) String op);

    /**
     * Returns the endSession endpoint for the OP matching the requesting access token.
     *
     * @param redirectURI redirect URI
     * @return endSession endpoint for the OP matching the requesting access token
     */
    @POST
    @Path("logout")
    @Produces({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
    OIDCRequest createLogoutRequest(@QueryParam(OIDCConstants.REDIRECT_URI) String redirectURI);
}
